las vulnerabilidades más últimas de la persona notable de Advisories

  • ISC BIND TKEY Query Handling Denial Of Service Vulnerability (CVE-2015-5477)
     Gravedad:    
     Fecha recomendada:  05 de agosto de 2015
    named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
  • Android Mediaserver Vulnerability (CVE-2015-3823)
     Gravedad:    
     Fecha recomendada:  04 de agosto de 2015

    Trend Micro researchers discovered this vulnerability in Android devices that could potentially allow attackers to perform Denial of Service (DoS) attacks once successfully exploited. It affects Android versions <4.0.1 Jelly Bean to 5.1.1 Lollipop.

    Attackers need to trick users into installing a malicious app or go to a malicious website in order to download the said bug on their devices.

  • "Stagefright" Android vulnerability (CVE-2015-3824)
     Gravedad:    
     Fecha recomendada:  31 de julio de 2015

    This Android vulnerability known as “Stagefright” can be leveraged by attackers to install a malware on Android devices via a multimedia message (MMS). It affects versions of Android from 4.0.1 to 5.1.1. The said vulnerability, designated with CVE-2015-3824, resides in mediaserver component, which is for handling open media files.

  • Mozilla Firefox Vulnerability (CVE-2015-0817)
     Gravedad:    
     Fecha recomendada:  30 de julio de 2015

    This flaw allows remote attackers to read or write to memory thus allowing the execution of arbitrary code via crafted JavaScript. As such, it compromises the security of the system.

  • (MS15-078) Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
     Gravedad:    
     Fecha recomendada:  29 de julio de 2015
    This zero-day vulnerability emerged in the Hacking Team leak, which could allow attackers to have remote control of the affected system when exploited successfully. In addition, affected systems can be potentially infected with rootkits and bootkits.
  • Adobe Flash Player Vulnerability (CVE-2015-3104)
     Gravedad:    
     Fecha recomendada:  27 de julio de 2015
    This Adobe Flash vulnerability is used by Angler Exploit Kit as a starting point in the infection chain that spreads a Point-of-Sale (PoS) malware reconnaissance. Trend Micro detects this PoS malware as TROJ_RECOLOAD.A that checks if the infected system is a PoS machine or part of the PoS network.
  • Arbitrary Memory Read in Libxslt (CVE-2012-2825)
     Gravedad:    
     Fecha recomendada:  21 de julio de 2015
    This vulnerability assigned with CVE-2012-2825 is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations for cybercriminals. Based on our investigation, one of the methods that attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.
  • Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
     Gravedad:    
     Fecha recomendada:  21 de julio de 2015

    This vulnerability is assigned as CVE-2015-2426 and is described as the following:

    Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

  • Arbitrary Memory Read in Libxslt (CVE-2012-2871)
     Gravedad:    
     Fecha recomendada:  21 de julio de 2015
    This vulnerability is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations for cybercriminals. Based on our investigation, one of the methods that attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.
  • Linux Kernel Futex Local Privilege Escalation (CVE-2014-3153)
     Gravedad:    
     Fecha recomendada:  16 de julio de 2015
    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.